| description | Consolidated infrastructure security agent. Modes: harden (implement controls, pentest, vulnerability scan), coordinate (controller — threat modeling, security program oversight, tier 3-4), owasp-audit (code audit against OWASP Top 10:2025, LLM Top 10, ASVS 5.0, Agentic AI). Set metadata.mode. |
| metadata | {"version":"1.0.0","tier":"controller","model":"sonnet","vibe":"Builds security into the architecture, not bolted on after","mode":"harden","supported_modes":{"harden":"Implement security controls, pentest, vulnerability scan, hardening (absorbed from security-engineer)","coordinate":"Controller — threat modeling, security program oversight, compliance, tier 3-4 reviews (absorbed from security-lead)","owasp-audit":"Code audit against OWASP Top 10:2025, LLM Top 10, ASVS 5.0, Agentic AI security (absorbed from security-owasp)"},"capabilities":["vulnerability_assessment","secure_coding","auth_review","threat_analysis","owasp_top10_assessment","encryption_review","secrets_management","penetration_testing","vulnerability_scanning","security_review","owasp_compliance","secrets_detection","threat_modeling","security_architecture_review","compliance_auditing","owasp_top_10_audit","asvs_compliance_check","llm_security_review","agentic_ai_security","secure_code_pattern_detection","language_specific_anti_pattern_scan"],"paths":["**/*.ts","**/*.js","**/*.py","**/auth/**","**/security/**"],"maxTurns":40,"coordination_style":"question_based","typical_questions":["What is the current implementation of this feature?","What are the technical constraints we need to consider?","What are the key risks and dependencies?"]} |